United Kingdom

Privacy Culture

Britons, much like other Europeans do value their right to privacy and the state has an obligation to protect that right for its citizens while keeping it in balance with other rights. In comparison with other European states, the Information Commissioner’s Office (ICO), Britain’s competent authority in terms of Privacy and Data Protection, tends to follow a more business-friendly approach in enforcement. However, the ICO is also one of the most informative authorities, publishing a wide range of relevant information online, keeping UK citizens updated with all the latest trends.

According to a EuroBarometer survey sponsored by the European Commission, Britons feel more slightly more comfortable with the control of their personal data and with sharing it online. ). Other interesting perceptions that the Survey reveals relate to the Britons' attitude towards disclosure of personal data and their perceptions of management of personal data by various parties

Legal History

The basic and most comprehensive UK law governing the protection of personal information at the moment is the Data Protection Act 1998. It has evolved from the 1984 Data Protection Act, the 1987 Personal Files Act and from the incorporation of the EU Data Protection Directive 95/46/EC. The Act has been updated in 2003 and then in 2011 again with the Privacy and Electronic Communication Regulations, and a series of other statutes.

The ICO has been one of the most active data protection authorities across Europe in terms of issuing clarifications of privacy & data protection law for both consumers and businesses. The ICO hosts a wide range of resources for the public concerning identity theft, CCTV, credit, bankruptcy, employment, SPAM, nuisance calls, drones and others. For businesses the ICO has published a number of guidelines, that do not constitute binding law, but rather a best practice which if followed, will lead to legal compliance. The resources published include information on over 30 different topics including audits, anonymisation, Big Data, data sharing, data deletion, marketing, privacy by design, privacy notice, and probably most importantly, monetary penalties.

Enforcement and Court Action

The public body responsible for enforcement of data protection and privacy laws in the United Kingdom is the ICO. Over the last couple of years there is a clear trend for increased enforcement. There has been a significant increase in both the number of monetary penalties imposed as well as in the amount of these penalties. The number of actions taken by the Information Commissioner’s Office in the first half of 2014 is double than all actions taken in the whole of 2013.

In 2014 alone, The UK has seen a total of 69 actions taken by the Information Commissioner’s Office against both public and private companies in breach of Data Protection Rules. There is also a 69% rise in detected security accidents across the UK what is almost three times higher than the Global average.

Corporate Risk

In the United Kingdom, both public and private organizations in breach of data protection & privacy laws face serious risk for actions by the Information Commissioner’s Office. In 2014, inadequate data security tops the chart in terms of Data Protection Act breaches. For such and other breaches the ICO has the power to impose:

The Information Commissioner’s Office issued 11 Enforcement Notices during 2014 and imposed monetary penalties totaling £1,152,500. The large majority of those concern Direct Marketing breaches of the Privacy and Electronic Communication Regulation. Remedial action was required within a month after issuing the majority of the notices. The number of criminal law prosecutions for breaches of Data Protection & Privacy Laws in the UK has tripled since 2012 to the amount of 18 actions in total in 2014. Half of these concern failure to notify the authority for the processing of personal data. In total 29 actions for mandatory undertakings have been issued. The majority of these concern the public sector.

Future Outlook

Being part of the European Union, the United Kingdom is expected to implement the new, currently debated EU General Regulation on Data Protection (Proposal from 2012) within two years after its adoption. The final text is now highly likely to be agreed upon by late 2015 or early 2016 and to come in force in by 2017/2018. The new text is expected to bring higher standards of protection, increased (monetary) penalties for failure to adhere to obligations and more uniformity across the Continent. The new law is designed as comprehensive EU Regulation, laying very similar if not the same legal provisions across all EU Member states. to ease data protection compliance but that would not come without additional corporate risks and costs.

Data Protection & Privacy law is evolving quickly across the world including in Europe and in the United Kingdom in particular. Developments of UK jurisprudence in 2015 hint the emergence of data protection rights as a non-contractual obligation. In the Vidal-Hall et al v Google case, the UK Court of Appeals confirmed that misuse of private information can breach a non-contractual obligation for the purposes of the rules providing for service of proceedings in the English jurisdiction. Thus, in 2015 it has been held that individuals who seek redress against a foreign company (Google Inc., based in California in that case) can bring a claim against that company when its in breach of domestic privacy laws and can claim compensation under the Data Protection Act 1998 for non-material loss. The case is still ongoing and the privacy community is following it with keen interest.

Our consultants have been leading the way in data privacy/protection recruitment since the earlier years of data protection legislation

Specialists in data protection recruitment for all sectors and all international geographies

We hire privacy focused law graduates and CIPP qualified candidates for our own in-house research team.

DPR have market-leading data protection and information governance recruitment experience, and always provide a professional efficient and friendly service.

Head of Data Protection Consulting.

Hugo at DPR who manages the team has been the leading name in data privacy/protection recruitment from the beginning, DPR is the leading company in data privacy recruitment and they deliver on UK and international vacancies efficiently and effectively.

Deputy Chief Privacy Officer

If you need to recruit additional support or leadership within your organisation, or if you are interested in developing your own data protection career, then I highly recommend Data Privacy Recruitment Ltd.

Senior Executive, International Data Privacy

Data Privacy recruitment provided in-depth information about the UK privacy legal services market both in-house and private practice, their knowledge of the market is outstanding. For me it was their professionalism and support that really made the difference, I would highly recommend to any lawyer who is looking to further develop their career in the privacy market

Data Privacy Lawyer

DPR

"Always professional, confidential and reliable, our success is as a result of market knowledge, experience and how we work with our clients and candidates."

Address

Data Privacy Recruitment LTDLondon

Notice:
Data Privacy Recruitment has updated its website in compliance with the
EU Cookie Legislation.
Please review our policy to find out about which cookies we use and what information we collect on our website.
By continuing to use this site, you are agreeing to our policy.